Ask Ars: How should my organization approach the IPv6 transition?

Wondering how your organization should approach the prospect of adding IPv6 …

Are you a bad enough dude(tte) to handle IPv6 addresses?

The key to any IPv6 transition will be determining where and how your applications deal with IP addresses at all. Most of the hard work is below this layer in networking equipment and Web servers. Most of our systems have no idea about IP addresses and will never have to deal with one. Our forums/comments/user database, however, deals with lots of IP addressees for a number of reasons.

The product phpBB 3 that powers all of this stores the IP address of newly registered users, stores the IP address of the user alongside every post, and lets our moderators place IP bans on abusive users. There are several points where throwing an IPv6 address into the mix could mess things up, but the two big ones are when IP checking or calculations take place and when those IP addresses are stored in the database.

What do I mean about IP address calculations, matching, and verification? phpBB, for example, allows an administrator to block a single IP address, a range of IP addresses, or use a wildcard syntax. Your application could allow for hostmasks (/24, /16) to be stored alongside an IP address. What you'll need to do is verify that your code can accept an IPv6 address and do all the same work. You'll need to make sure your code can handle abbreviated and full IPv6 addresses. You'll also need to make sure that any IPv4-specific paradigms can be applied to IPv6. Do you really need to let people specify host masks alongside IPv6 addresses? Are they specified in the same way? These are all things you'll need to research and determine for your own specific application.

The second place you might run into problems is when you store IP addresses in a database. You might have configured those columns over-restrictively to perfectly fit an address' four octets and decimals. You might store the IP address in binary. You'll need to make sure that you can store an IPv6 address in either its abbreviated or full format.

Making these changes in your own, home-grown software will probably be fairly straightforward. There are plenty of IPv6 libraries and IPv6 support in your programming language of choice, but you'll need to understand their idiosyncrasies and be prepared to do some more research.

Third-party software

When it comes to software that is out of your hands, you'll need to either wait or fork the code. phpBB 3 is both the most extensive third-party product we use and the one most affected by IPv6 concerns (as explained above). Luckily for us, the phpBB team and community have been nailing down and cleaning up IPv6 bugs for a while. Most of these are slated to be rolled out in the next major release. You'll need to make a list of all the software you maintain that is out of your hands and see if it deals with IP addresses in any capacity, and then you'll have to determine if there's support already baked-in or if it's in the release pipeline. You could theoretically fork the project if it's open-source, but that's a pretty big commitment. In most cases, you'll just have to wait it out. These delays will be important factors in determining the timeline for your transition.

And that's just about it. Once you've nailed down all the problem points, you're probably ready to go. The only job left is to enable the DNS records and see what happens. You'll undoubtedly run into problems that will be worked out over time. For a (really) long time you're going to see both IPv4 and IPv6 clients, so take that into account as you keep moving forward.

How is Ars handling all of this?

Now that you have an understanding of all the potential pain points, we thought we'd run down our specific situation, and try to stick to the levels we outlined above.

First up, at the bottom is our hosting and network provider, ServerCentral. Their network is IPv6-capable and they can provide support up to our racks. Our local networking equipment is where the issues begin to crop up. Not all of this equipment is IPv6-ready or can be made IPv6-ready. Our routers, load balancers, and firewalls will either need to be replaced or get software updates. This will mean downtime and money on our part.

Our operating systems (Linux) and webservers (lighttpd), are all fine, and the same goes for our caching proxy, Varnish. The software that powers our Web front-end is oblivious to anything to do with network-level stuff, but the software that powers our commenting system and forums is not currently able to cope with IPv6-style addresses. This software—phpBB3—won’t be fully IPv6 compatible until the next major revision. Even when this release comes out, we'll need to test it before it's deployed, and probably even setup some kind of IPv6 staging area where we can make sure it handles our use-case in a real-world environment. This will all take time away from regular projects to support the site, and it will take money (our labor and the costs for the staging infrastructure).

It’s also currently unclear what would happen if Ars were to enable IPv6 tomorrow. We know from past experiments by Google and others that a percentage of our customers would find Ars to be unreachable due to poorly configured IPv6 support in the chain between their home and our servers. A good primer on a lot of the issues and challenges involved can be found in our four-page article on the subject: Why the IPv4 to IPv6 transition will be ugly.

This is why World IPv6 Day and the results gleaned from it will be so important. These mega-sites will be looking to see what effects this has on their traffic, their services, and most importantly, their revenue. If these sites turn on IPv6 and see even a 0.1% failure rate, it would be catastrophic in terms of the impact on their bottom line.

Ars will be watching for the results of these trials to help guide us to the right decision on this issue. We know what steps we need to take to make the site available over IPv6, but we just don’t quite know when it will be a worthwhile investment on our part.

It’s worth noting that Ars is an existing service, so we have no particular need for more IPs at the moment, and likely won’t for a long time. If we were contemplating the launch of a new site, we would probably enable IPv6 from the beginning, though we might skip the AAAA record for the time being.

To round this out, we’ve thought about a number of auxiliary issues that we and our partners will have to deal with in the upcoming months and years:

Analytics packages may rely on each user, or a significant number of users, having a unique IP address. Google Analytics, which we use, uses cookie-based tracking to get around this. However there are certain parts of the package, namely geographical tracking down to the state and city level, that require the use of IP tracking. This could break in subtle and unexpected ways when large, nationwide carriers begin using NAT for large swaths of customers.

On occasion, we must rely on IP-based bans to prevent abusive users from accessing our comments and forums. For pretty much every case, this is a successful strategy to keep these spammers and ill-adjusted individuals out. With the upcoming surge in NAT, however, our options in these scenarios are drastically reduced. We (or our forums vendor) will need to find a new solution to this problem.

Even though phpBB will be mostly IPv6-compatible in its next major release, it’s not clear if there will have been extensive testing done across the system. Furthermore, we’ve done a number of modifications to the source and written our own plugins. All of this will need to be tested to ensure nothing breaks if and when IPv6 users begin accessing the boards.

We hope this article has given you a good overview of the basics involved in transitioning to IPv6, along with a little context as to why Ars hasn't made the switch and when we might. If you have any corrections or additional information our readers might find useful on this topic, please leave them in the comments below.